Claims

[c1] 1. An authentication mechanism, for a network where a
spanning tree protocol is performed comprising a plurality
of bridges, a plurality of layers, a plurality of
switches, and a plurality of ports, the authentication
mechanism comprising:
a plurality of bridge protocol data units;
a permit list; and
a plurality of authentication rules.

[c2] 2. The authentication mechanism as recited in claim 1,
wherein the bridge protocol data unit comprises: 
a root identifier field; and 
a bridge identifier field. 

[c3] 3. The authentication mechanism as recited in claim 1,
wherein the permit list comprises a plurality of bridge 
addresses allowed in the bridge protocol data units that 
are received. 

[c4] 4. The authentication mechanism as recited in claim 1,
wherein the authentication rules comprise:
if the bridge protocol data unit that is received uses the
bridge address of the switch, the bridge protocol data
unit is permitted;
if the bridge address of the bridge identifier does not
match the bridge addresses in the permit list, the bridge
protocol data unit that is received is ignored; and
if the bridge address of the root identifier does not
match the bridge addresses in the permit list, the bridge
protocol data unit that is received is ignored.

[c5] 5. The authentication mechanism as recited in claim 1,
wherein the port further comprises a state machine. 

[c6] 6. The authentication mechanism as recited in claim 4,
wherein when the port receiving the bridge protocol data
unit that fails the bridge address permit list, the
authentication rules further comprises:
the state machine of the spanning tree protocol port being
reset;
the bridge protocol data units that pass the permit list
being processed;
an operEdge variable being set to false if the port is an
edge port; and
resuming when none of the bridge point data units failing
the permit list have been received for a period.

[c7] 7. The authentication mechanism as recited in claim 6,
wherein the period is in the order of tens of seconds. 



[c8] 8. The authentication mechanism as recited in claim 6,
wherein the authentication rules are applicable when the
spanning tree protocol is enabled on the switch.

[c9] 9. The authentication mechanism as recited in claim 1,
wherein the bridge address of the bridge potentially being
a root bridge is specified in the permit list, for
triggering a root identifier checking.

[c10] 10. The authentication mechanism as recited in claim 1,
wherein all the switches in a bridge domain that is 
trusted are specified in the permit list. 
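
The permit-list filtering of claims 4 and 6, sketched as an added Python example that is not part of the patent text. The names `PortGuard`, `parse_bpdu` and `build_bpdu` are hypothetical, and the example assumes the IEEE 802.1D configuration BPDU field layout, a 30-second quiet period, and that the switch's own bridge address counts as permitted in both identifier fields.

```python
import struct

# Assumed layout (IEEE 802.1D configuration BPDU): protocol id, version, type,
# flags, root id (priority + address), root path cost, bridge id (priority + address)
_HDR = struct.Struct("!HBBBH6sIH6s")

def build_bpdu(root, bridge):
    """Constructed sample BPDU; priorities, cost and timers are placeholders."""
    return _HDR.pack(0, 0, 0, 0, 0x8000, root, 0, 0x8000, bridge) + bytes(10)

def parse_bpdu(payload):
    """Return (root_address, bridge_address) from the two identifier fields."""
    if len(payload) < _HDR.size:
        raise ValueError("BPDU too short to carry root and bridge identifiers")
    fields = _HDR.unpack_from(payload)
    return fields[5], fields[8]

class PortGuard:
    """Hypothetical per-port filter applying the permit-list rules."""

    def __init__(self, own_address, permit_list, quiet_period=30.0):
        # Assumption: the switch's own address is permitted in either field.
        self.allowed = set(permit_list) | {own_address}
        self.quiet_period = quiet_period  # assumed value, "tens of seconds"
        self.oper_edge = True             # assumed: port starts as an edge port
        self.resets = 0                   # times the port state machine was reset
        self.last_failure = None

    def receive(self, payload, now):
        """True if the BPDU may be passed on to spanning tree processing."""
        root, bridge = parse_bpdu(payload)
        if root in self.allowed and bridge in self.allowed:
            return True                   # passing BPDUs are still processed
        self.resets += 1                  # reset the port state machine
        self.oper_edge = False            # an edge port loses operEdge
        self.last_failure = now
        return False                      # failing BPDU is ignored

    def tick(self, now):
        """True once no failing BPDU has been seen for the quiet period."""
        if self.last_failure is None or now - self.last_failure < self.quiet_period:
            return False
        self.last_failure = None
        return True
```
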



